directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sean Kelly (JIRA)" <j...@apache.org>
Subject [jira] [Created] (DIRSERVER-1734) ads-certificatePassword syntax far too restrictive for actual passwords
Date Thu, 05 Jul 2012 23:20:34 GMT
Sean Kelly created DIRSERVER-1734:
-------------------------------------

             Summary: ads-certificatePassword syntax far too restrictive for actual passwords
                 Key: DIRSERVER-1734
                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1734
             Project: Directory ApacheDS
          Issue Type: Bug
          Components: core
    Affects Versions: 2.0.0-M7
         Environment: CP/M-86 Java 7 on PDP-11
            Reporter: Sean Kelly
             Fix For: 2.0.0-RC1


The password for my keystore happens to be "ec7!J>;;x".

However, specifying that value in my config.ldif as {{ads-certificatePassword: ec7!J>;;x}}
results in a startup failure:

{noformat}
[18:08:12] WARN [org.apache.directory.shared.ldap.model.entry.DefaultEntry] - The attribute
'ads-certificatepassword' cannot be stored
org.apache.directory.shared.ldap.model.exception.LdapOtherException: ERR_04447_CANNOT_NORMALIZE_VALUE
Cannot normalize the wrapped value ERR_04473_NOT_VALID_VALUE Not a valid value 'ec7!J>;;x'
for the AttributeType 'ATTRIBUTE_TYPE ( 1.3.6.1.4.1.18060.0.4.1.2.309
 NAME 'ads-certificatePassword'
 DESC The certificate passord
 EQUALITY caseExactMatch
 ORDERING caseExactOrderingMatch
 SUBSTR caseExactSubstringsMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
 SINGLE-VALUE
 USAGE userApplications
 )
'
	at org.apache.directory.server.core.api.partition.AbstractPartition.initialize(AbstractPartition.java:77)
	at org.apache.directory.server.ApacheDsService.initConfigPartition(ApacheDsService.java:284)
	at org.apache.directory.server.ApacheDsService.start(ApacheDsService.java:166)
	at org.apache.directory.server.UberjarMain.main(UberjarMain.java:58)
{noformat}

Apparently the {{ads-certificatePassword}} property's syntax is 1.3.6.1.4.1.1466.115.121.1.44,
which, sadly, is far too restrictive for actual in-use passwords.

I recommend changing the syntax to something a bit more permissive.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message